Terrorism taxes IT planning in the US

Anti-terrorism legislation recently signed by US President George W Bush appears likely to force financial services companies in...

Anti-terrorism legislation recently signed by US President George W Bush appears likely to force financial services companies in the US to invest in new technology and upgrade older systems.

The legislation aims to make it easier for law enforcement agencies to combat money laundering and track down and freeze terrorists' assets.

The proposed law calls for regulations to be drafted within a year that will set standards for customer verification and financial records production. The US government has nine months to develop a secure network that will be used by companies to share information with federal authorities.

The financial services component of the law is aimed primarily at detecting money laundering. Banks that track deposits of more than $10,000 (£6,880) may now be required to examine lesser amounts and pull together records quickly for investigators.

Mark Loewenthal, chief privacy officer at the US bank, Providian Financial, said that one challenge for banks would be tracking international deposits, which get far less scrutiny than domestic transactions. Bank transaction systems may have to be reprogrammed to collect data when a wire transfer to an offshore account is executed.

"We may have to increase retention of those types of transactions," he said. "If we have to track all transactions overseas, that will become even more cumbersome."

Until the regulations are drafted, it is impossible to know exactly what will be required of companies. But based on the law's open-ended language, the extent to which systems will need to be upgraded could be substantial.

"The new law is going to put more emphasis on upfront, know-your-customer, due-diligence activities, and that's got a huge cost," said Breffni McGuire, an analyst at research firm TowerGroup.

One provision in the law calls for a federally mandated minimum standard for verifying a customer's identity. For example, it may no longer be enough for a bank employee to take a quick look at a driving licence before they open a customer account. Real-time verification of the licence against public records may be required, along with the ability to scan and save copies of customer identity documents..

The proposed law would give regulators a lot of latitude. But IT managers such as Richard Snipes, vice-president of technical services at Washington Mutual, the US's ninth-largest bank, can do nothing now but wait for guidance. "The business unit will eventually make a decision on what's needed to meet that obligation," he said.

Despite the uncertainty about the law's ultimate impact, it has won support from trade groups representing financial services companies. Industry groups expect to work closely with regulators, who are required to seek input from companies affected by the law as part of the rule-making process.

"While this is going to add some new regulatory requirements, we are willing to take on those requirements, because we share the goal of eradicating money laundering," said Lisa McGreevy, director of government and public affairs at The Financial Services Roundtable, which represents the top 100 US financial services firms.

Read more on IT legislation and regulation